36f9c1b4537ea7764f2de77f4264676eb213ad2a56b8e4cc4ec65488c3234488

General
Target

36f9c1b4537ea7764f2de77f4264676eb213ad2a56b8e4cc4ec65488c3234488

Size

12MB

Sample

220511-3arhsacfe3

Score
10/10
MD5

d6c42156c6c44da64fe062891eb5aa17

SHA1

7fe05a8589a45d70d8c19f39b1d7c53390648e83

SHA256

36f9c1b4537ea7764f2de77f4264676eb213ad2a56b8e4cc4ec65488c3234488

SHA512

bb2002558c38c9f87a01c082f0c4d9d665400d8e834b4f34eaa200dcfe008670005d702d647698723de1db0cd3f517158b2b0f6b55a451dd62a64eb1915b038b

Malware Config

Extracted

Family raccoon
rc4.plain

Extracted

Family raccoon
Botnet c763e433ef51ff4b6c545800e4ba3b3b1a2ea077
Attributes
url4cnc
https://telete.in/jbitchsucks
rc4.plain
rc4.plain
Signatures

  • Modifies Windows Defender Real-time Protection settings

    Tags

    TTPs

    Modify Registry, Modify Existing Service, Disabling Security Tools
  • Modifies security service

    Tags

    TTPs

    Modify Registry, Modify Existing Service
  • Raccoon

    Description

    Simple but powerful infostealer which was very active in 2019.

    Tags

  • Raccoon Stealer Payload

  • Executes dropped EXE

  • Checks computer location settings

    Description

    Looks up country code configured in the registry, likely geofence.

    TTPs

    Query Registry, System Information Discovery
  • Loads dropped DLL

  • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

  • Collection
  • Command and Control
  • Credential Access
  • Execution
  • Exfiltration
  • Impact
  • Initial Access
  • Lateral Movement
  • Privilege Escalation